From 7d16209f3a959ec232c87138847f5a4886848417cccec4002ffd73e0326649a0 Mon Sep 17 00:00:00 2001 From: OBS User unknown Date: Sat, 26 Jan 2008 17:22:58 +0000 Subject: [PATCH] OBS-URL: https://build.opensuse.org/package/show/openSUSE:Factory/xorg-x11-server?expand=0&rev=61 --- CVE-2007-5760-xf86misc.diff | 15 ++ CVE-2007-6427-xinput.diff | 244 ++++++++++++++++++++++++++ CVE-2007-6428-TOG-cup.diff | 14 ++ CVE-2007-6429-shm_evi.diff | 298 ++++++++++++++++++++++++++++++++ CVE-2008-0006-pcf_font.diff | 18 ++ MesaLib-7.0.2.tar.bz2 | 3 - MesaLib-7.0.3-rc1.tar.bz2 | 3 + xorg-x11-server.changes | 48 ++++++ xorg-x11-server.spec | 335 +++++++++++++++++++++--------------- 9 files changed, 832 insertions(+), 146 deletions(-) create mode 100644 CVE-2007-5760-xf86misc.diff create mode 100644 CVE-2007-6427-xinput.diff create mode 100644 CVE-2007-6428-TOG-cup.diff create mode 100644 CVE-2007-6429-shm_evi.diff create mode 100644 CVE-2008-0006-pcf_font.diff delete mode 100644 MesaLib-7.0.2.tar.bz2 create mode 100644 MesaLib-7.0.3-rc1.tar.bz2
diff --git a/CVE-2007-5760-xf86misc.diff b/CVE-2007-5760-xf86misc.diff
new file mode 100644
index 0000000..f0e0a7f
--- /dev/null
+++ b/CVE-2007-5760-xf86misc.diff
@@ -0,0 +1,15 @@
+diff --git a/hw/xfree86/common/xf86MiscExt.c b/hw/xfree86/common/xf86MiscExt.c
+index c1b9c60..40c196a 100644
+--- a/hw/xfree86/common/xf86MiscExt.c
++++ b/hw/xfree86/common/xf86MiscExt.c
+@@ -548,6 +548,10 @@ MiscExtPassMessage(int scrnIndex, const char *msgtype, const char *msgval,
+ {
+ ScrnInfoPtr pScr = xf86Screens[scrnIndex];
+
++ /* should check this in the protocol, but xf86NumScreens isn't exported */
++ if (scrnIndex >= xf86NumScreens)
++ return BadValue;
++
+ if (*pScr->HandleMessage == NULL)
+ return BadImplementation;
+ return (*pScr->HandleMessage)(scrnIndex, msgtype, msgval, retstr);
diff --git a/CVE-2007-6427-xinput.diff b/CVE-2007-6427-xinput.diff
new file mode 100644
index 0000000..1343a3c
--- /dev/null
+++ b/CVE-2007-6427-xinput.diff
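Review bot: The added bounds check in MiscExtPassMessage runs after `pScr = xf86Screens[scrnIndex]`, so the array is still indexed with the unvalidated value before the test, and because `scrnIndex` is a signed `int` the test `scrnIndex >= xf86NumScreens` lets a negative index through. I would declare `pScr` without an initialiser, guard with `if (scrnIndex < 0 || scrnIndex >= xf86NumScreens) return BadValue;`, and only then assign `pScr = xf86Screens[scrnIndex];`. The function's parameter list and callers lie outside the hunk, so whether a negative value can actually arrive here is not visible; the lower bound costs nothing either way.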
@@ -0,0 +1,244 @@ +diff --git a/Xi/chgfctl.c b/Xi/chgfctl.c +index 8fc24d5..696b74a 100644 +--- a/Xi/chgfctl.c ++++ b/Xi/chgfctl.c +@@ -302,18 +302,13 @@ ChangeStringFeedback(ClientPtr client, DeviceIntPtr dev, + xStringFeedbackCtl * f) + { + char n; +- long *p; + int i, j; + KeySym *syms, *sup_syms; + + syms = (KeySym *) (f + 1); + if (client->swapped) { + swaps(&f->length, n); /* swapped num_keysyms in calling proc */ +- p = (long *)(syms); +- for (i = 0; i < f->num_keysyms; i++) { +- swapl(p, n); +- p++; +- } ++ SwapLongs((CARD32 *) syms, f->num_keysyms); + } + + if (f->num_keysyms > s->ctrl.max_symbols) +diff --git a/Xi/chgkmap.c b/Xi/chgkmap.c +index 3361e98..df334c1 100644 +--- a/Xi/chgkmap.c ++++ b/Xi/chgkmap.c +@@ -75,18 +75,14 @@ int + SProcXChangeDeviceKeyMapping(ClientPtr client) + { + char n; +- long *p; +- int i, count; ++ unsigned int count; + + REQUEST(xChangeDeviceKeyMappingReq); + swaps(&stuff->length, n); + REQUEST_AT_LEAST_SIZE(xChangeDeviceKeyMappingReq); +- p = (long *)&stuff[1]; + count = stuff->keyCodes * stuff->keySymsPerKeyCode; +- for (i = 0; i < count; i++) { +- swapl(p, n); +- p++; +- } ++ REQUEST_FIXED_SIZE(xChangeDeviceKeyMappingReq, count * sizeof(CARD32)); ++ SwapLongs((CARD32 *) (&stuff[1]), count); + return (ProcXChangeDeviceKeyMapping(client)); + } + +@@ -102,10 +98,14 @@ ProcXChangeDeviceKeyMapping(ClientPtr client) + int ret; + unsigned len; + DeviceIntPtr dev; ++ unsigned int count; + + REQUEST(xChangeDeviceKeyMappingReq); + REQUEST_AT_LEAST_SIZE(xChangeDeviceKeyMappingReq); + ++ count = stuff->keyCodes * stuff->keySymsPerKeyCode; ++ REQUEST_FIXED_SIZE(xChangeDeviceKeyMappingReq, count * sizeof(CARD32)); ++ + dev = LookupDeviceIntRec(stuff->deviceid); + if (dev == Success) + SendErrorToClient(client, IReqCode, X_ChangeDeviceKeyMapping, 0, +diff --git a/Xi/chgprop.c b/Xi/chgprop.c +index 58db886..3fb33e1 100644 +--- a/Xi/chgprop.c ++++ b/Xi/chgprop.c +@@ -77,19 +77,15 @@ int + SProcXChangeDeviceDontPropagateList(ClientPtr 
client) + { + char n; +- long *p; +- int i; + + REQUEST(xChangeDeviceDontPropagateListReq); + swaps(&stuff->length, n); + REQUEST_AT_LEAST_SIZE(xChangeDeviceDontPropagateListReq); + swapl(&stuff->window, n); + swaps(&stuff->count, n); +- p = (long *)&stuff[1]; +- for (i = 0; i < stuff->count; i++) { +- swapl(p, n); +- p++; +- } ++ REQUEST_FIXED_SIZE(xChangeDeviceDontPropagateListReq, ++ stuff->count * sizeof(CARD32)); ++ SwapLongs((CARD32 *) (&stuff[1]), stuff->count); + return (ProcXChangeDeviceDontPropagateList(client)); + } + +diff --git a/Xi/grabdev.c b/Xi/grabdev.c +index 110fc6b..0671e0e 100644 +--- a/Xi/grabdev.c ++++ b/Xi/grabdev.c +@@ -78,8 +78,6 @@ int + SProcXGrabDevice(ClientPtr client) + { + char n; +- long *p; +- int i; + + REQUEST(xGrabDeviceReq); + swaps(&stuff->length, n); +@@ -87,11 +85,11 @@ SProcXGrabDevice(ClientPtr client) + swapl(&stuff->grabWindow, n); + swapl(&stuff->time, n); + swaps(&stuff->event_count, n); +- p = (long *)&stuff[1]; +- for (i = 0; i < stuff->event_count; i++) { +- swapl(p, n); +- p++; +- } ++ ++ if (stuff->length != (sizeof(xGrabDeviceReq) >> 2) + stuff->event_count) ++ return BadLength; ++ ++ SwapLongs((CARD32 *) (&stuff[1]), stuff->event_count); + + return (ProcXGrabDevice(client)); + } +diff --git a/Xi/grabdevb.c b/Xi/grabdevb.c +index c2661e8..ce0dcc5 100644 +--- a/Xi/grabdevb.c ++++ b/Xi/grabdevb.c +@@ -77,8 +77,6 @@ int + SProcXGrabDeviceButton(ClientPtr client) + { + char n; +- long *p; +- int i; + + REQUEST(xGrabDeviceButtonReq); + swaps(&stuff->length, n); +@@ -86,11 +84,9 @@ SProcXGrabDeviceButton(ClientPtr client) + swapl(&stuff->grabWindow, n); + swaps(&stuff->modifiers, n); + swaps(&stuff->event_count, n); +- p = (long *)&stuff[1]; +- for (i = 0; i < stuff->event_count; i++) { +- swapl(p, n); +- p++; +- } ++ REQUEST_FIXED_SIZE(xGrabDeviceButtonReq, ++ stuff->event_count * sizeof(CARD32)); ++ SwapLongs((CARD32 *) (&stuff[1]), stuff->event_count); + + return (ProcXGrabDeviceButton(client)); + } +diff --git 
a/Xi/grabdevk.c b/Xi/grabdevk.c +index 43b1928..d4b7fe8 100644 +--- a/Xi/grabdevk.c ++++ b/Xi/grabdevk.c +@@ -77,8 +77,6 @@ int + SProcXGrabDeviceKey(ClientPtr client) + { + char n; +- long *p; +- int i; + + REQUEST(xGrabDeviceKeyReq); + swaps(&stuff->length, n); +@@ -86,11 +84,8 @@ SProcXGrabDeviceKey(ClientPtr client) + swapl(&stuff->grabWindow, n); + swaps(&stuff->modifiers, n); + swaps(&stuff->event_count, n); +- p = (long *)&stuff[1]; +- for (i = 0; i < stuff->event_count; i++) { +- swapl(p, n); +- p++; +- } ++ REQUEST_FIXED_SIZE(xGrabDeviceKeyReq, stuff->event_count * sizeof(CARD32)); ++ SwapLongs((CARD32 *) (&stuff[1]), stuff->event_count); + return (ProcXGrabDeviceKey(client)); + } + +diff --git a/Xi/selectev.c b/Xi/selectev.c +index b93618a..d3670ab 100644 +--- a/Xi/selectev.c ++++ b/Xi/selectev.c +@@ -127,19 +127,16 @@ int + SProcXSelectExtensionEvent(ClientPtr client) + { + char n; +- long *p; +- int i; + + REQUEST(xSelectExtensionEventReq); + swaps(&stuff->length, n); + REQUEST_AT_LEAST_SIZE(xSelectExtensionEventReq); + swapl(&stuff->window, n); + swaps(&stuff->count, n); +- p = (long *)&stuff[1]; +- for (i = 0; i < stuff->count; i++) { +- swapl(p, n); +- p++; +- } ++ REQUEST_FIXED_SIZE(xSelectExtensionEventReq, ++ stuff->count * sizeof(CARD32)); ++ SwapLongs((CARD32 *) (&stuff[1]), stuff->count); ++ + return (ProcXSelectExtensionEvent(client)); + } + +diff --git a/Xi/sendexev.c b/Xi/sendexev.c +index e4e38d7..588c910 100644 +--- a/Xi/sendexev.c ++++ b/Xi/sendexev.c +@@ -80,7 +80,7 @@ int + SProcXSendExtensionEvent(ClientPtr client) + { + char n; +- long *p; ++ CARD32 *p; + int i; + xEvent eventT; + xEvent *eventP; +@@ -91,6 +91,11 @@ SProcXSendExtensionEvent(ClientPtr client) + REQUEST_AT_LEAST_SIZE(xSendExtensionEventReq); + swapl(&stuff->destination, n); + swaps(&stuff->count, n); ++ ++ if (stuff->length != (sizeof(xSendExtensionEventReq) >> 2) + stuff->count + ++ (stuff->num_events * (sizeof(xEvent) >> 2))) ++ return BadLength; ++ + eventP = (xEvent 
*) & stuff[1]; + for (i = 0; i < stuff->num_events; i++, eventP++) { + proc = EventSwapVector[eventP->u.u.type & 0177]; +@@ -100,11 +105,8 @@ SProcXSendExtensionEvent(ClientPtr client) + *eventP = eventT; + } + +- p = (long *)(((xEvent *) & stuff[1]) + stuff->num_events); +- for (i = 0; i < stuff->count; i++) { +- swapl(p, n); +- p++; +- } ++ p = (CARD32 *)(((xEvent *) & stuff[1]) + stuff->num_events); ++ SwapLongs(p, stuff->count); + return (ProcXSendExtensionEvent(client)); + } + diff --git a/CVE-2007-6428-TOG-cup.diff b/CVE-2007-6428-TOG-cup.diff new file mode 100644 index 0000000..177e949 --- /dev/null +++ b/CVE-2007-6428-TOG-cup.diff @@ -0,0 +1,14 @@ +diff --git a/Xext/cup.c b/Xext/cup.c +index d0e820c..fd1409e 100644 +--- a/Xext/cup.c ++++ b/Xext/cup.c +@@ -176,6 +176,9 @@ int ProcGetReservedColormapEntries( + + REQUEST_SIZE_MATCH (xXcupGetReservedColormapEntriesReq); + ++ if (stuff->screen >= screenInfo.numScreens) ++ return BadValue; ++ + #ifndef HAVE_SPECIAL_DESKTOP_COLORS + citems[CUP_BLACK_PIXEL].pixel = + screenInfo.screens[stuff->screen]->blackPixel; diff --git a/CVE-2007-6429-shm_evi.diff b/CVE-2007-6429-shm_evi.diff new file mode 100644 index 0000000..9604a78 --- /dev/null +++ b/CVE-2007-6429-shm_evi.diff 
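Review bot: Two of the swapped handlers validate the request length differently from the rest of this patch: SProcXGrabDevice in Xi/grabdev.c and SProcXSendExtensionEvent in Xi/sendexev.c compare the client-supplied `stuff->length` by hand, while chgkmap.c, chgprop.c, grabdevb.c, grabdevk.c and selectev.c use `REQUEST_FIXED_SIZE`. Using the macro in both places would keep a single length rule for every list-swapping path, e.g. `REQUEST_FIXED_SIZE(xGrabDeviceReq, stuff->event_count * sizeof(CARD32));` in grabdev.c. Separately, ChangeStringFeedback in Xi/chgfctl.c calls `SwapLongs` on `f->num_keysyms` entries before the `max_symbols` test and with no length check inside the hunk; the existing comment suggests the calling procedure handles that, so a comment such as `/* caller has already checked the request length against num_keysyms */` would make the dependency explicit if it holds. All of these functions start or end outside their hunks.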
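Review bot: The new range check in ProcGetReservedColormapEntries returns `BadValue` without recording the offending value, whereas the BadValue paths visible elsewhere in this patch (Xext/shm.c) set `client->errorValue` first. Adding `client->errorValue = stuff->screen;` before `return BadValue;` would tell the client which field was rejected and keep the error reporting consistent. The function body continues outside the hunk.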
@@ -0,0 +1,298 @@ +diff --git a/Xext/EVI.c b/Xext/EVI.c +index 4bd050c..a637bae 100644 +--- a/Xext/EVI.c ++++ b/Xext/EVI.c +@@ -34,6 +34,7 @@ THE USE OR PERFORMANCE OF THIS SOFTWARE. + #include + #include "EVIstruct.h" + #include "modinit.h" ++#include "scrnintstr.h" + + static EviPrivPtr eviPriv; + +@@ -84,10 +85,22 @@ ProcEVIGetVisualInfo(ClientPtr client) + { + REQUEST(xEVIGetVisualInfoReq); + xEVIGetVisualInfoReply rep; +- int n, n_conflict, n_info, sz_info, sz_conflict; ++ int i, n, n_conflict, n_info, sz_info, sz_conflict; + VisualID32 *conflict; ++ unsigned int total_visuals = 0; + xExtendedVisualInfo *eviInfo; + int status; ++ ++ /* ++ * do this first, otherwise REQUEST_FIXED_SIZE can overflow. we assume ++ * here that you don't have more than 2^32 visuals over all your screens; ++ * this seems like a safe assumption. ++ */ ++ for (i = 0; i < screenInfo.numScreens; i++) ++ total_visuals += screenInfo.screens[i]->numVisuals; ++ if (stuff->n_visual > total_visuals) ++ return BadValue; ++ + REQUEST_FIXED_SIZE(xEVIGetVisualInfoReq, stuff->n_visual * sz_VisualID32); + status = eviPriv->getVisualInfo((VisualID32 *)&stuff[1], (int)stuff->n_visual, + &eviInfo, &n_info, &conflict, &n_conflict); +diff --git a/Xext/sampleEVI.c b/Xext/sampleEVI.c +index 7508aa7..b871bfd 100644 +--- a/Xext/sampleEVI.c ++++ b/Xext/sampleEVI.c +@@ -34,6 +34,13 @@ THE USE OR PERFORMANCE OF THIS SOFTWARE. 
+ #include + #include "EVIstruct.h" + #include "scrnintstr.h" ++ ++#if HAVE_STDINT_H ++#include ++#elif !defined(UINT32_MAX) ++#define UINT32_MAX 0xffffffffU ++#endif ++ + static int sampleGetVisualInfo( + VisualID32 *visual, + int n_visual, +@@ -42,24 +49,36 @@ static int sampleGetVisualInfo( + VisualID32 **conflict_rn, + int *n_conflict_rn) + { +- int max_sz_evi = n_visual * sz_xExtendedVisualInfo * screenInfo.numScreens; ++ unsigned int max_sz_evi; + VisualID32 *temp_conflict; + xExtendedVisualInfo *evi; +- int max_visuals = 0, max_sz_conflict, sz_conflict = 0; ++ unsigned int max_visuals = 0, max_sz_conflict, sz_conflict = 0; + register int visualI, scrI, sz_evi = 0, conflictI, n_conflict; +- *evi_rn = evi = (xExtendedVisualInfo *)xalloc(max_sz_evi); +- if (!*evi_rn) +- return BadAlloc; ++ ++ if (n_visual > UINT32_MAX/(sz_xExtendedVisualInfo * screenInfo.numScreens)) ++ return BadAlloc; ++ max_sz_evi = n_visual * sz_xExtendedVisualInfo * screenInfo.numScreens; ++ + for (scrI = 0; scrI < screenInfo.numScreens; scrI++) { + if (screenInfo.screens[scrI]->numVisuals > max_visuals) + max_visuals = screenInfo.screens[scrI]->numVisuals; + } ++ ++ if (n_visual > UINT32_MAX/(sz_VisualID32 * screenInfo.numScreens ++ * max_visuals)) ++ return BadAlloc; + max_sz_conflict = n_visual * sz_VisualID32 * screenInfo.numScreens * max_visuals; ++ ++ *evi_rn = evi = (xExtendedVisualInfo *)xalloc(max_sz_evi); ++ if (!*evi_rn) ++ return BadAlloc; ++ + temp_conflict = (VisualID32 *)xalloc(max_sz_conflict); + if (!temp_conflict) { + xfree(*evi_rn); + return BadAlloc; + } ++ + for (scrI = 0; scrI < screenInfo.numScreens; scrI++) { + for (visualI = 0; visualI < n_visual; visualI++) { + evi[sz_evi].core_visual_id = visual[visualI]; +diff --git a/Xext/shm.c b/Xext/shm.c +index e3d7a23..c545e49 100644 +--- a/Xext/shm.c ++++ b/Xext/shm.c +@@ -757,6 +757,8 @@ ProcPanoramiXShmCreatePixmap( + int i, j, result, rc; + ShmDescPtr shmdesc; + REQUEST(xShmCreatePixmapReq); ++ unsigned int width, 
height, depth; ++ unsigned long size; + PanoramiXRes *newPix; + + REQUEST_SIZE_MATCH(xShmCreatePixmapReq); +@@ -770,11 +772,26 @@ ProcPanoramiXShmCreatePixmap( + return rc; + + VERIFY_SHMPTR(stuff->shmseg, stuff->offset, TRUE, shmdesc, client); +- if (!stuff->width || !stuff->height) ++ ++ width = stuff->width; ++ height = stuff->height; ++ depth = stuff->depth; ++ if (!width || !height || !depth) + { + client->errorValue = 0; + return BadValue; + } ++ if (width > 32767 || height > 32767) ++ return BadAlloc; ++ size = PixmapBytePad(width, depth) * height; ++ if (sizeof(size) == 4) { ++ if (size < width * height) ++ return BadAlloc; ++ /* thankfully, offset is unsigned */ ++ if (stuff->offset + size < size) ++ return BadAlloc; ++ } ++ + if (stuff->depth != 1) + { + pDepth = pDraw->pScreen->allowedDepths; +@@ -785,9 +802,7 @@ ProcPanoramiXShmCreatePixmap( + return BadValue; + } + CreatePmap: +- VERIFY_SHMSIZE(shmdesc, stuff->offset, +- PixmapBytePad(stuff->width, stuff->depth) * stuff->height, +- client); ++ VERIFY_SHMSIZE(shmdesc, stuff->offset, size, client); + + if(!(newPix = (PanoramiXRes *) xalloc(sizeof(PanoramiXRes)))) + return BadAlloc; +@@ -1086,6 +1101,8 @@ ProcShmCreatePixmap(client) + register int i, rc; + ShmDescPtr shmdesc; + REQUEST(xShmCreatePixmapReq); ++ unsigned int width, height, depth; ++ unsigned long size; + + REQUEST_SIZE_MATCH(xShmCreatePixmapReq); + client->errorValue = stuff->pid; +@@ -1098,11 +1115,26 @@ ProcShmCreatePixmap(client) + return rc; + + VERIFY_SHMPTR(stuff->shmseg, stuff->offset, TRUE, shmdesc, client); +- if (!stuff->width || !stuff->height) ++ ++ width = stuff->width; ++ height = stuff->height; ++ depth = stuff->depth; ++ if (!width || !height || !depth) + { + client->errorValue = 0; + return BadValue; + } ++ if (width > 32767 || height > 32767) ++ return BadAlloc; ++ size = PixmapBytePad(width, depth) * height; ++ if (sizeof(size) == 4) { ++ if (size < width * height) ++ return BadAlloc; ++ /* thankfully, offset is unsigned 
*/ ++ if (stuff->offset + size < size) ++ return BadAlloc; ++ } ++ + if (stuff->depth != 1) + { + pDepth = pDraw->pScreen->allowedDepths; +@@ -1113,9 +1145,7 @@ ProcShmCreatePixmap(client) + return BadValue; + } + CreatePmap: +- VERIFY_SHMSIZE(shmdesc, stuff->offset, +- PixmapBytePad(stuff->width, stuff->depth) * stuff->height, +- client); ++ VERIFY_SHMSIZE(shmdesc, stuff->offset, size, client); + pMap = (*shmFuncs[pDraw->pScreen->myNum]->CreatePixmap)( + pDraw->pScreen, stuff->width, + stuff->height, stuff->depth, +diff --git a/Xext/shm.c b/Xext/shm.c +index c545e49..e46f6fc 100644 +--- a/Xext/shm.c ++++ b/Xext/shm.c +@@ -783,14 +783,6 @@ ProcPanoramiXShmCreatePixmap( + } + if (width > 32767 || height > 32767) + return BadAlloc; +- size = PixmapBytePad(width, depth) * height; +- if (sizeof(size) == 4) { +- if (size < width * height) +- return BadAlloc; +- /* thankfully, offset is unsigned */ +- if (stuff->offset + size < size) +- return BadAlloc; +- } + + if (stuff->depth != 1) + { +@@ -801,7 +793,17 @@ ProcPanoramiXShmCreatePixmap( + client->errorValue = stuff->depth; + return BadValue; + } ++ + CreatePmap: ++ size = PixmapBytePad(width, depth) * height; ++ if (sizeof(size) == 4 && BitsPerPixel(depth) > 8) { ++ if (size < width * height) ++ return BadAlloc; ++ /* thankfully, offset is unsigned */ ++ if (stuff->offset + size < size) ++ return BadAlloc; ++ } ++ + VERIFY_SHMSIZE(shmdesc, stuff->offset, size, client); + + if(!(newPix = (PanoramiXRes *) xalloc(sizeof(PanoramiXRes)))) +@@ -1126,14 +1128,6 @@ ProcShmCreatePixmap(client) + } + if (width > 32767 || height > 32767) + return BadAlloc; +- size = PixmapBytePad(width, depth) * height; +- if (sizeof(size) == 4) { +- if (size < width * height) +- return BadAlloc; +- /* thankfully, offset is unsigned */ +- if (stuff->offset + size < size) +- return BadAlloc; +- } + + if (stuff->depth != 1) + { +@@ -1144,7 +1138,17 @@ ProcShmCreatePixmap(client) + client->errorValue = stuff->depth; + return BadValue; + } ++ + 
CreatePmap: ++ size = PixmapBytePad(width, depth) * height; ++ if (sizeof(size) == 4 && BitsPerPixel(depth) > 8) { ++ if (size < width * height) ++ return BadAlloc; ++ /* thankfully, offset is unsigned */ ++ if (stuff->offset + size < size) ++ return BadAlloc; ++ } ++ + VERIFY_SHMSIZE(shmdesc, stuff->offset, size, client); + pMap = (*shmFuncs[pDraw->pScreen->myNum]->CreatePixmap)( + pDraw->pScreen, stuff->width, +diff --git a/Xext/shm.c b/Xext/shm.c +index e46f6fc..a7a1ecf 100644 +--- a/Xext/shm.c ++++ b/Xext/shm.c +@@ -799,10 +799,10 @@ CreatePmap: + if (sizeof(size) == 4 && BitsPerPixel(depth) > 8) { + if (size < width * height) + return BadAlloc; +- /* thankfully, offset is unsigned */ +- if (stuff->offset + size < size) +- return BadAlloc; + } ++ /* thankfully, offset is unsigned */ ++ if (stuff->offset + size < size) ++ return BadAlloc; + + VERIFY_SHMSIZE(shmdesc, stuff->offset, size, client); + +@@ -1144,10 +1144,10 @@ CreatePmap: + if (sizeof(size) == 4 && BitsPerPixel(depth) > 8) { + if (size < width * height) + return BadAlloc; +- /* thankfully, offset is unsigned */ +- if (stuff->offset + size < size) +- return BadAlloc; + } ++ /* thankfully, offset is unsigned */ ++ if (stuff->offset + size < size) ++ return BadAlloc; + + VERIFY_SHMSIZE(shmdesc, stuff->offset, size, client); + pMap = (*shmFuncs[pDraw->pScreen->myNum]->CreatePixmap)( diff --git a/CVE-2008-0006-pcf_font.diff b/CVE-2008-0006-pcf_font.diff new file mode 100644 index 0000000..37bb8bb --- /dev/null +++ b/CVE-2008-0006-pcf_font.diff 
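Review bot: In the final state of Xext/shm.c (after the three stacked diffs) the wrap test `size < width * height` is skipped unless `BitsPerPixel(depth) > 8`, and the reason is recorded only in the package changelog, not next to the code. A comment above that `if` in both ProcPanoramiXShmCreatePixmap and ProcShmCreatePixmap, e.g. `/* at 8bpp or less the 32767 caps on width and height already rule out overflow */`, would keep a later edit from relaxing the 32767 cap without noticing that the wrap test depends on it. In Xext/sampleEVI.c the second guard divides by `sz_VisualID32 * screenInfo.numScreens * max_visuals`, which is zero if no screen reports any visuals; that is presumably impossible on a running server, but `max_visuals == 0` could be rejected explicitly before the division. Both shm functions and sampleGetVisualInfo extend beyond their hunks.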
@@ -0,0 +1,18 @@
+diff --git a/dix/dixfonts.c b/dix/dixfonts.c
+index 2979c64..04f1f1b 100644
+--- a/dix/dixfonts.c
++++ b/dix/dixfonts.c
+@@ -326,6 +326,13 @@ doOpenFont(ClientPtr client, OFclosurePtr c)
+ err = BadFontName;
+ goto bail;
+ }
++ /* check values for firstCol, lastCol, firstRow, and lastRow */
++ if (pfont->info.firstCol > pfont->info.lastCol ||
++ pfont->info.firstRow > pfont->info.lastRow ||
++ pfont->info.lastCol - pfont->info.firstCol > 255) {
++ err = AllocError;
++ goto bail;
++ }
+ if (!pfont->fpe)
+ pfont->fpe = fpe;
+ pfont->refcnt++;
diff --git a/MesaLib-7.0.2.tar.bz2 b/MesaLib-7.0.2.tar.bz2
deleted file mode 100644
index be9d64c..0000000
--- a/MesaLib-7.0.2.tar.bz2
+++ /dev/null
@@ -1,3 +0,0 @@
-version https://git-lfs.github.com/spec/v1
-oid sha256:22a7dafa809a7d23482583d5d349d4efc2a95924684fea2d01cde6927d6c31dd
-size 3384023
diff --git a/MesaLib-7.0.3-rc1.tar.bz2 b/MesaLib-7.0.3-rc1.tar.bz2
new file mode 100644
index 0000000..c5286da
--- /dev/null
+++ b/MesaLib-7.0.3-rc1.tar.bz2
@@ -0,0 +1,3 @@
+version https://git-lfs.github.com/spec/v1
+oid sha256:19c19c7f9b713612c9e085ac5faf7aa9a5d69cf9defe2054fd1af7804973b10e
+size 4737507
diff --git a/xorg-x11-server.changes b/xorg-x11-server.changes
index c1e5940..bdebd6f 100644
--- a/xorg-x11-server.changes
+++ b/xorg-x11-server.changes
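Review bot: The new check in doOpenFont caps the column span at 255 but puts no upper bound on `lastRow - firstRow`, so for rows only the ordering is validated. Whether a row cap is needed depends on how the glyph tables are sized downstream, which is not visible in this hunk; if the same limit applies, `pfont->info.lastRow - pfont->info.firstRow > 255` belongs in the condition as well. Either way the comment should state the invariant rather than just list the fields, e.g. `/* reject inverted ranges and a column span above 255 before the metrics are used for indexing */`, adjusted to whatever the consumers actually rely on. The function begins and ends outside the hunk.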
@@ -1,3 +1,51 @@ +------------------------------------------------------------------- +Thu Jan 24 11:41:44 CET 2008 - schwab@suse.de + +- Move manpage to the sub package that provides the binary. + +------------------------------------------------------------------- +Wed Jan 23 12:29:17 CET 2008 - sndirsch@suse.de + +- update to Mesa bugfix release 7.0.3 RC1 sources + * Added missing glw.pc.in file to release tarball + * Fix GLUT/Fortran issues + * GLSL gl_FrontLightModelProduct.sceneColor variable wasn't + defined + * Fix crash upon GLSL variable array indexes (not yet supported) + * Two-sided stencil test didn't work in software rendering + * Fix two-sided lighting bugs/crashes (bug 13368) + * GLSL gl_FrontFacing didn't work properly + * glGetActiveUniform returned incorrect sizes (bug 13751) + * Fix several bugs relating to uniforms and attributes in GLSL + API (Bruce Merry, bug 13753) + * glTexImage3D(GL_PROXY_TEXTURE_3D) mis-set teximage depth field + +------------------------------------------------------------------- +Mon Jan 21 17:30:48 CET 2008 - sndirsch@suse.de + +- updated patch for CVE-2007-6429 once more (X.Org Bug #13520) + * Always test for size+offset wrapping. + +------------------------------------------------------------------- +Sun Jan 20 02:54:11 CET 2008 - sndirsch@suse.de + +- updated patch for CVE-2007-6429 (Bug #345131) + * Don't spuriously reject <8bpp shm pixmaps. + Move size validation after depth validation, and only validate + size if the bpp of the pixmap format is > 8. If bpp < 8 then + we're already protected from overflow by the width and height + checks. + +------------------------------------------------------------------- +Fri Jan 18 00:53:20 CET 2008 - sndirsch@suse.de + +- X.Org security update + * CVE-2007-5760 - XFree86 Misc extension out of bounds array index + * CVE-2007-6427 - Xinput extension memory corruption. + * CVE-2007-6428 - TOG-cup extension memory corruption. 
+ * CVE-2007-6429 - MIT-SHM and EVI extensions integer overflows. + * CVE-2008-0006 - PCF Font parser buffer overflow. + ------------------------------------------------------------------- Wed Dec 12 23:30:09 CET 2007 - sndirsch@suse.de diff --git a/xorg-x11-server.spec b/xorg-x11-server.spec index bc80166..40ed6cd 100644 --- a/xorg-x11-server.spec +++ b/xorg-x11-server.spec @@ -1,7 +1,7 @@ # # spec file for package xorg-x11-server (Version 7.3) # -# Copyright (c) 2007 SUSE LINUX Products GmbH, Nuernberg, Germany. +# Copyright (c) 2008 SUSE LINUX Products GmbH, Nuernberg, Germany. # This file and all modifications and additions to the pristine # package are under the same license as the package itself. # @@ -21,7 +21,7 @@ BuildRequires: libjpeg-devel Url: http://xorg.freedesktop.org/ %define EXPERIMENTAL 0 Version: 7.3 -Release: 38 +Release: 51 License: X11/MIT BuildRoot: %{_tmppath}/%{name}-%{version}-build Group: System/X11/Servers/XF86_4 @@ -35,7 +35,7 @@ Provides: xorg-x11-server-glx Obsoletes: xorg-x11-server-glx Summary: X.Org Server Source: xorg-server-%{dirsuffix}.tar.bz2 -Source1: MesaLib-7.0.2.tar.bz2 +Source1: MesaLib-7.0.3-rc1.tar.bz2 Source3: README.updates Source4: xorgcfg.tar.bz2 %if %suse_version > 1010 @@ -98,6 +98,11 @@ Patch90: commit-fa19e84.diff Patch91: commit-f7dd0c7.diff Patch92: remove_bogus_modeline.diff Patch93: pixman.diff +Patch94: CVE-2007-5760-xf86misc.diff +Patch95: CVE-2007-6427-xinput.diff +Patch96: CVE-2007-6428-TOG-cup.diff +Patch97: CVE-2007-6429-shm_evi.diff +Patch98: CVE-2008-0006-pcf_font.diff %description This package contains the X.Org Server. 
@@ -159,8 +164,8 @@ An X Window System server for Virtual Network Computing (VNC). test -s hw/xfree86/os-support/shared/ia64Pci.h || \ cp $RPM_SOURCE_DIR/ia64Pci.h hw/xfree86/os-support/shared/ia64Pci.h # make legal department happy (Bug #204110) -test -f ../Mesa-7.0.2/src/mesa/drivers/directfb/idirectfbgl_mesa.c && exit 1 -test -f ../Mesa-7.0.2/progs/ggi/asc-view.c && exit 1 +test -f ../Mesa-7.0.3-rc1/src/mesa/drivers/directfb/idirectfbgl_mesa.c && exit 1 +test -f ../Mesa-7.0.3-rc1/progs/ggi/asc-view.c && exit 1 # remove wrongly prebuilt files (Bug #328201) mv hw/xfree86/xf1bpp/mfbmodule.c . rm hw/xfree86/xf1bpp/*.c @@ -223,6 +228,11 @@ popd %patch91 -p1 %patch92 -p1 %patch93 +%patch94 -p1 +%patch95 -p1 +%patch96 -p1 +%patch97 -p1 +%patch98 -p1 %build pushd xorg-docs-* @@ -288,7 +298,7 @@ autoreconf -fi --with-log-dir="/var/log" \ --with-os-name="openSUSE" \ --with-os-vendor="SUSE LINUX" \ - --with-mesa-source=$RPM_BUILD_DIR/Mesa-7.0.2 \ + --with-mesa-source=$RPM_BUILD_DIR/Mesa-7.0.3-rc1 \ --with-fontdir="/usr/share/fonts" \ --with-xkb-path="/usr/share/X11/xkb" \ --with-xkb-output="/var/lib/xkb/compiled" @@ -524,6 +534,9 @@ exit 0 /usr/%{_lib}/pkgconfig/*.pc /usr/%{_lib}/xserver/ %{_mandir}/man1/* +%exclude %{_mandir}/man1/Xdmx.1* +%exclude %{_mandir}/man1/Xnest.1* +%exclude %{_mandir}/man1/Xvfb.1* %{_mandir}/man5/* %{_mandir}/man7/* %ifnarch s390 s390x @@ -537,6 +550,9 @@ exit 0 /usr/bin/Xephyr /usr/bin/Xnest /usr/bin/Xvfb +%{_mandir}/man1/Xdmx.1* +%{_mandir}/man1/Xnest.1* +%{_mandir}/man1/Xvfb.1* %ifnarch s390 s390x %files sdk 
@@ -553,15 +569,48 @@ exit 0 %endif %changelog -* Wed Dec 12 2007 - sndirsch@suse.de +* Thu Jan 24 2008 schwab@suse.de +- Move manpage to the sub package that provides the binary. +* Wed Jan 23 2008 sndirsch@suse.de +- update to Mesa bugfix release 7.0.3 RC1 sources + * Added missing glw.pc.in file to release tarball + * Fix GLUT/Fortran issues + * GLSL gl_FrontLightModelProduct.sceneColor variable wasn't + defined + * Fix crash upon GLSL variable array indexes (not yet supported) + * Two-sided stencil test didn't work in software rendering + * Fix two-sided lighting bugs/crashes (bug 13368) + * GLSL gl_FrontFacing didn't work properly + * glGetActiveUniform returned incorrect sizes (bug 13751) + * Fix several bugs relating to uniforms and attributes in GLSL + API (Bruce Merry, bug 13753) + * glTexImage3D(GL_PROXY_TEXTURE_3D) mis-set teximage depth field +* Mon Jan 21 2008 sndirsch@suse.de +- updated patch for CVE-2007-6429 once more (X.Org Bug #13520) + * Always test for size+offset wrapping. +* Sun Jan 20 2008 sndirsch@suse.de +- updated patch for CVE-2007-6429 (Bug #345131) + * Don't spuriously reject <8bpp shm pixmaps. + Move size validation after depth validation, and only validate + size if the bpp of the pixmap format is > 8. If bpp < 8 then + we're already protected from overflow by the width and height + checks. +* Fri Jan 18 2008 sndirsch@suse.de +- X.Org security update + * CVE-2007-5760 - XFree86 Misc extension out of bounds array index + * CVE-2007-6427 - Xinput extension memory corruption. + * CVE-2007-6428 - TOG-cup extension memory corruption. + * CVE-2007-6429 - MIT-SHM and EVI extensions integer overflows. + * CVE-2008-0006 - PCF Font parser buffer overflow. 
+* Wed Dec 12 2007 sndirsch@suse.de - xorg-server 1.4.0.90 (prerelease of 1.4.1) -* Fri Nov 30 2007 - sndirsch@suse.de +* Fri Nov 30 2007 sndirsch@suse.de - pixman.diff * fixed include path for pixman.h -* Thu Nov 29 2007 - sndirsch@suse.de +* Thu Nov 29 2007 sndirsch@suse.de - remove_bogus_modeline.diff * remove bogus monitor modelines provided by DDC (Bug #335540) -* Tue Nov 27 2007 - sndirsch@suse.de +* Tue Nov 27 2007 sndirsch@suse.de - commit-184e571.diff * Adjust offsets of modes that do not fit virtual screen size. - commit-c6c284e.diff @@ -572,11 +621,11 @@ exit 0 * Only clear crtc of output if it is the one we're actually working on. - commit-fa19e84.diff * Fix initial placement of LeftOf and Above. -* Thu Nov 22 2007 - sndirsch@suse.de +* Thu Nov 22 2007 sndirsch@suse.de - pixman.diff no longer required -* Sun Nov 18 2007 - sndirsch@suse.de +* Sun Nov 18 2007 sndirsch@suse.de - s390(x): allow mfb build without Xorg server being built -* Thu Nov 15 2007 - sndirsch@suse.de +* Thu Nov 15 2007 sndirsch@suse.de - commit-29e0e18.diff * Make config file preferred mode override monitor preferred mode. @@ -584,15 +633,15 @@ exit 0 * Leave hardware-specified preferred modes alone when user preference exists. - obsoletes preferred_mode-fix.diff -* Thu Nov 15 2007 - sndirsch@suse.de +* Thu Nov 15 2007 sndirsch@suse.de - added xorg-x11-fonts-core/xorg-x11 to Requires (Bug #341312) -* Wed Nov 14 2007 - schwab@suse.de +* Wed Nov 14 2007 schwab@suse.de - ia64linuxPciInit: allocate extra space for fake devices. -* Sat Nov 10 2007 - sndirsch@suse.de +* Sat Nov 10 2007 sndirsch@suse.de - updated to Mesa 7.0.2 (final) sources -* Wed Oct 31 2007 - sndirsch@suse.de +* Wed Oct 31 2007 sndirsch@suse.de - updated to Mesa 7.0.2 RC1 sources -* Tue Oct 23 2007 - sndirsch@suse.de +* Tue Oct 23 2007 sndirsch@suse.de - xorg-server-1.4-vnc-64bit.diff * fixes segfault on 64bit during Xserver start; make sure to define _XSERVER64 by having HAVE_DIX_CONFIG_H defined and 
@@ -601,15 +650,15 @@ exit 0 in xf86rfbMouseInit/xf86rfbKeybInit - finally enabled build of xf4vnc (standalone Xvnc and VNC Xserver module) -* Fri Oct 19 2007 - sndirsch@suse.de +* Fri Oct 19 2007 sndirsch@suse.de - updated xf4vnc patch; still disabled due to problematic vnc module -* Tue Oct 09 2007 - sndirsch@suse.de +* Tue Oct 09 2007 sndirsch@suse.de - preferred_mode-fix.diff * more reasonable patch (Bug #329724) -* Thu Oct 04 2007 - sndirsch@suse.de +* Thu Oct 04 2007 sndirsch@suse.de - preferred_mode-fix.diff * fixed endless loop if PreferredMode is set (Bug #329724) -* Wed Oct 03 2007 - sndirsch@suse.de +* Wed Oct 03 2007 sndirsch@suse.de - removed obsolete patch p_pci-domain.diff (Bug #308693, comment #26) - apply p_pci-off-by-one.diff.ia64 on all platforms since it clearly only affects platforms, where INCLUDE_XF86_NO_DOMAIN is *not* set; @@ -617,17 +666,17 @@ exit 0 patch in place on at least some %%ix86/x86_64 machines with fglrx/ nvidia driver IIRC; it needs to verified if this problem is still reproducable ... (Bug #308693, comment #25) -* Wed Oct 03 2007 - sndirsch@suse.de +* Wed Oct 03 2007 sndirsch@suse.de - xserver-1.3.0-xkb-and-loathing.patch * Ignore (not just block) SIGALRM around calls to Popen()/Pclose(). Fixes a hang in openoffice when opening menus. (Bug #245711) -* Wed Oct 03 2007 - sndirsch@suse.de +* Wed Oct 03 2007 sndirsch@suse.de - added missing ia64Pci.h; required for IA64 -* Wed Oct 03 2007 - sndirsch@suse.de +* Wed Oct 03 2007 sndirsch@suse.de - recreated p_pci-off-by-one.diff.ia64; the default fuzz factor of patch (2) resulted in a hunk applied to the wrong function and therefore broke the build :-( -* Sat Sep 29 2007 - sndirsch@suse.de +* Sat Sep 29 2007 sndirsch@suse.de - xorg-server 1.4 * Welcome to X.Org X Server 1.4, now with hotplugging input to go with the hotplugging output. Also included in this release are 
@@ -674,29 +723,29 @@ exit 0 - pixman.diff: * search for pixman instead of pixman-1 - bumped version to 7.3 -* Tue Sep 25 2007 - sndirsch@suse.de +* Tue Sep 25 2007 sndirsch@suse.de - remove wrongly prebuilt xf1bpp files after extracting tarball; fixes vga module loading (Bug #328201) - do not use "make -j" to (quick)fix xf1bpp build - do not apply p_pci-domain.diff on IA64 - use updated off-by-one patch by schwab for IA64 -* Fri Sep 21 2007 - sndirsch@suse.de +* Fri Sep 21 2007 sndirsch@suse.de - edit_data_sanity_check.diff: * added sanity check for monitor EDID data (Bug #326454) -* Tue Sep 11 2007 - sndirsch@suse.de +* Tue Sep 11 2007 sndirsch@suse.de - reverted changes by schwab on Fri Sep 7; these resulted i a black screen during Xserver start with any driver on non-IA64 platforms -* Mon Sep 10 2007 - sndirsch@suse.de +* Mon Sep 10 2007 sndirsch@suse.de - use-composite-for-unequal-depths.patch: * Use Composite when depths don't match (Bug #309107, X.Org Bug [#7447]) -* Fri Sep 07 2007 - schwab@suse.de +* Fri Sep 07 2007 schwab@suse.de - Update off-by-one patch. - Remove empty patch. -* Mon Sep 03 2007 - sndirsch@suse.de +* Mon Sep 03 2007 sndirsch@suse.de - fbdevhw.diff: * ignore pixclock set to 0 by Xen kernel (Bug #285523) -* Fri Aug 31 2007 - sndirsch@suse.de +* Fri Aug 31 2007 sndirsch@suse.de - added several RANDR 1.2 fixes (Bug #306699) * randr12-2926cf1da7e4ed63573bfaecdd7e19beb3057d9b.diff Allocate the right number of entries for saving crtcs 
@@ -723,49 +772,49 @@ exit 0 crtc is set by RRCrtcNotify, which is called at the end of RRScanOldConfig. Several uses of output->crtc in this function were wrong. -* Thu Aug 23 2007 - sndirsch@suse.de +* Thu Aug 23 2007 sndirsch@suse.de - i810_dri_fix_freeze.diff: * fixes freeze after pressing Ctrl-Alt-BS (X.Org Bug #10809) -* Thu Aug 23 2007 - sndirsch@suse.de +* Thu Aug 23 2007 sndirsch@suse.de - xserver-mode-fuzzy-check.diff: * Fix for Xserver being more fuzzy about mode validation (Bug #270846) -* Sat Aug 18 2007 - sndirsch@suse.de +* Sat Aug 18 2007 sndirsch@suse.de - disable AIGLX by default; without enabled Composite extension (still problematic on many drivers) it's rather useless anyway - updated xorg.conf manual page -* Sat Aug 11 2007 - dmueller@suse.de +* Sat Aug 11 2007 dmueller@suse.de - fix fileconflict over doc/MAINTAINERS - build parallel -* Sat Aug 04 2007 - sndirsch@suse.de +* Sat Aug 04 2007 sndirsch@suse.de - updated Mesa source to bugfix release 7.0.1 -* Fri Jul 20 2007 - sndirsch@suse.de +* Fri Jul 20 2007 sndirsch@suse.de - xephyr-sig11-fix.diff: * long vs. CARD32 mismatch in KeySym definitions between client and server code - this patch seems to fix it (and the input rework in head fixed it as well in a different way) (Bug #235320) -* Sat Jul 14 2007 - sndirsch@suse.de +* Sat Jul 14 2007 sndirsch@suse.de - fixed build on s390(x) -* Tue Jul 03 2007 - sndirsch@suse.de +* Tue Jul 03 2007 sndirsch@suse.de - added X(7) and security(7) manual pages -* Sat Jun 23 2007 - sndirsch@suse.de +* Sat Jun 23 2007 sndirsch@suse.de - updated Mesa source to final release 7.0 -* Thu Jun 21 2007 - sndirsch@suse.de +* Thu Jun 21 2007 sndirsch@suse.de - updated Mesa source to release 7.0 RC1 * Mesa 7.0 is a stable, follow-on release to Mesa 6.5.3. The only difference is bug fixes. The major version number bump is due to OpenGL 2.1 API support. 
-* Wed Jun 06 2007 - sndirsch@suse.de +* Wed Jun 06 2007 sndirsch@suse.de - simplified p_default-module-path.diff -* Tue May 22 2007 - sndirsch@suse.de +* Tue May 22 2007 sndirsch@suse.de - disabled build of Xprt - moved Xdmx, Xephyr, Xnest and Xvfb to new subpackage xorg-x11-server-extra -* Wed May 02 2007 - sndirsch@suse.de +* Wed May 02 2007 sndirsch@suse.de - commit-c09e68c: * Paper over a crash at exit during GLX teardown -* Mon Apr 30 2007 - sndirsch@suse.de +* Mon Apr 30 2007 sndirsch@suse.de - updated to Mesa 6.5.3 sources - obsoletes the following patches: * bug-211314_mesa-destroy_buffers.diff @@ -786,24 +835,24 @@ exit 0 - remove__GLinterface.patch/ support_mesa6.5.3.patch * required Xserver changes for Mesa 6.5.3 -* Sat Apr 28 2007 - sndirsch@suse.de +* Sat Apr 28 2007 sndirsch@suse.de - xorg-x11-server-1.2.99-unbreak-domain.patch: * This patch fixes some multi-domain systems such as Pegasos with xorg-server 1.3. Since pci-rework should get merged soon and this patch is a bit of a hack, it never got pushed upstream. (X.Org Bug #7248) -* Fri Apr 27 2007 - sndirsch@suse.de +* Fri Apr 27 2007 sndirsch@suse.de - back to Mesa 6.5.2 (Bug #269155/269042) -* Wed Apr 25 2007 - sndirsch@suse.de +* Wed Apr 25 2007 sndirsch@suse.de - Mesa update: 4th RC ready * This fixes some breakage in RC3. -* Tue Apr 24 2007 - sndirsch@suse.de +* Tue Apr 24 2007 sndirsch@suse.de - Mesa update: 3rd release candidate * updated Windows/VC8 project files. -* Sun Apr 22 2007 - sndirsch@suse.de +* Sun Apr 22 2007 sndirsch@suse.de - updated to Mesa 6.5.3rc2 sources * a number of bug fixes since the first RC -* Sat Apr 21 2007 - sndirsch@suse.de +* Sat Apr 21 2007 sndirsch@suse.de - updated to Mesa 6.5.3rc1 sources - obsoletes the following patches: * bug-211314_mesa-destroy_buffers.diff 
@@ -823,7 +872,7 @@ exit 0 * Mesa-6.5.2-fix_radeon_cliprect.diff - GL-Mesa-6.5.3.diff: * adjusted GL subdir to Mesa 6.5.3rc1 -* Fri Apr 20 2007 - sndirsch@suse.de +* Fri Apr 20 2007 sndirsch@suse.de - xserver 1.3.0.0 release * Syncmaster 226 monitor needs 60Hz refresh (#10545). * In AIGLX EnterVT processing, invoke driver EnterVT before 
@@ -839,34 +888,34 @@ exit 0 detect. * Was accidentally disabling rotation updates in mode set. * Disable SourceValidate in rotation to capture cursor. -* Tue Apr 10 2007 - sndirsch@suse.de +* Tue Apr 10 2007 sndirsch@suse.de - Mesa-6.5.2-fix_radeon_cliprect.diff: * fixes X.Org Bug #9876 -* Fri Apr 06 2007 - sndirsch@suse.de +* Fri Apr 06 2007 sndirsch@suse.de - bug-259290_trapfault.diff: * fixes crash caused by bug in XRender code (Bug #259290) -* Fri Apr 06 2007 - sndirsch@suse.de +* Fri Apr 06 2007 sndirsch@suse.de - xserver 1.2.99.905 release: * CVE-2007-1003: XC-MISC Extension ProcXCMiscGetXIDList() Memory Corruption * X.Org Bug #10296: Fix timer rescheduling - obsoletes bug-243978_xcmisc.diff -* Fri Apr 06 2007 - sndirsch@suse.de +* Fri Apr 06 2007 sndirsch@suse.de - xserver 1.2.99.904 release: * Don't erase current crtc for outputs on CloseScreen -* Thu Apr 05 2007 - sndirsch@suse.de +* Thu Apr 05 2007 sndirsch@suse.de - bug-243978_xcmisc.diff: * mem corruption in ProcXCMiscGetXIDList (CVE-2007-1003, Bug #243978) -* Wed Apr 04 2007 - sndirsch@suse.de +* Wed Apr 04 2007 sndirsch@suse.de - bug-211314_mesa-refcount-memleak-fixes.diff: * Fix for memleaks and refount bugs (Bug #211314) -* Fri Mar 30 2007 - sndirsch@suse.de +* Fri Mar 30 2007 sndirsch@suse.de - p_default-module-path.diff: * only return /usr/%%lib/xorg/modules in "-showDefaultModulePath" Xserver option (Bug #257360) - set Xserver version to 7.2.0 with configure option (Bugs #257360, #253702) -* Tue Mar 27 2007 - sndirsch@suse.de +* Tue Mar 27 2007 sndirsch@suse.de - xserver 1.2.99.903 release: * Create driver-independent CRTC-based cursor layer. * Allow xf86_reload_cursors during server init. 
@@ -898,13 +947,13 @@ exit 0 or DirectColor. * Add per-drawable Xv colour key helper function. * Bump video driver ABI version to 1.2. -* Mon Mar 19 2007 - sndirsch@suse.de +* Mon Mar 19 2007 sndirsch@suse.de - no longer apply bug-211314_mesa-context.diff, bug-211314_p_drawable_privclean.diff (Bug #211314, comment #114) - added different Mesa patches (Bug #211314, comments #114/#115) -* Thu Mar 15 2007 - schwab@suse.de +* Thu Mar 15 2007 schwab@suse.de - Remove bug197190-ia64.diff, fix x86emu instead. -* Wed Mar 14 2007 - sndirsch@suse.de +* Wed Mar 14 2007 sndirsch@suse.de - xserver 1.2.99.902 release: * Xprint: shorten font filename to fit in tar length limit * Move xf86SetSingleMode into X server from intel driver. 
@@ -921,40 +970,40 @@ exit 0 event with XTest." * Xext: Update device's lastx/lasty when sending a motion event with XTest. -* Wed Mar 14 2007 - sndirsch@suse.de +* Wed Mar 14 2007 sndirsch@suse.de - xf86crtc_allowdual.diff no longer required; replaced by xrandr_12_newmode.diff in xrandr (xorg-x11 package) -* Wed Mar 14 2007 - sndirsch@suse.de +* Wed Mar 14 2007 sndirsch@suse.de - bug197190-ia64.diff: * missing -DNO_LONG_LONG for IA64 (Bug #197190) -* Fri Mar 09 2007 - sndirsch@suse.de +* Fri Mar 09 2007 sndirsch@suse.de - xf86crtc_allowdual.diff: * allows dualhead even when the second monitor is not yet connected during Xserver start -* Tue Mar 06 2007 - sndirsch@suse.de +* Tue Mar 06 2007 sndirsch@suse.de - %%post: replace "i810beta" with "intel" in existing xorg.conf -* Mon Mar 05 2007 - sndirsch@suse.de +* Mon Mar 05 2007 sndirsch@suse.de - xserver 1.2.99.901 release: * RandR 1.2 * EXA damage track * minor fixes -* Mon Feb 19 2007 - sndirsch@suse.de +* Mon Feb 19 2007 sndirsch@suse.de - use global permissions files for SUSE > 10.1 (Bug #246228) -* Thu Feb 01 2007 - sndirsch@suse.de +* Thu Feb 01 2007 sndirsch@suse.de - improved bug-197858_dpms.diff to fix Xserver crash (Bug #197858) -* Mon Jan 29 2007 - sndirsch@suse.de +* Mon Jan 29 2007 sndirsch@suse.de - bug-197858_dpms.diff: * finally fixed "X server wakes up on any ACPI event" issue (Bug #197858) -* Thu Jan 25 2007 - sndirsch@suse.de +* Thu Jan 25 2007 sndirsch@suse.de - bug-211314_p_drawable_privclean.diff: * fixed for cleaning up pointers -* Wed Jan 24 2007 - sndirsch@suse.de +* Wed Jan 24 2007 sndirsch@suse.de - fixed build -* Wed Jan 24 2007 - sndirsch@suse.de +* Wed Jan 24 2007 sndirsch@suse.de - bug-211314_p_drawable_privclean.diff: * fixes Xserver crash in Mesa software rendering path (Bug #211314) -* Tue Jan 23 2007 - sndirsch@suse.de +* Tue Jan 23 2007 sndirsch@suse.de - xserver 1.2.0 release * Bug #9219: Return BadMatch when trying to name the backing pixmap of an unrealized window. 
@@ -1002,46 +1051,46 @@ exit 0 * int10-fix.diff * cve-2006-6101_6102_6103.diff - disabled build of VNC server/module -* Wed Jan 17 2007 - sndirsch@suse.de +* Wed Jan 17 2007 sndirsch@suse.de - bug-211314_mesa-context.diff: * fixes Xserver crash in software rendering fallback (Bug #211314) -* Tue Jan 16 2007 - sndirsch@suse.de +* Tue Jan 16 2007 sndirsch@suse.de - 0018-vnc-support.txt.diff * fixed unresolved symbols vncRandomBytes/deskey in VNC module (terminated Xserver when client connected) -* Tue Jan 16 2007 - sndirsch@suse.de +* Tue Jan 16 2007 sndirsch@suse.de - bug227111-ddc_screensize.diff: * allow user overrides for monitor settings (Bug #227111) -* Mon Jan 15 2007 - sndirsch@suse.de +* Mon Jan 15 2007 sndirsch@suse.de - loadmod-bug197195.diff: * check the complete path (Bug #197195) -* Sun Jan 14 2007 - sndirsch@suse.de +* Sun Jan 14 2007 sndirsch@suse.de - added build of VNC support (0018-vnc-support.txt/ 0018-vnc-support.txt.diff); see 0018-vnc-support.txt.mbox for reference -* Tue Jan 09 2007 - sndirsch@suse.de +* Tue Jan 09 2007 sndirsch@suse.de - cve-2006-6101_6102_6103.diff: * CVE-2006-6101 iDefense X.org ProcRenderAddGlyphs (Bug #225972) * CVE-2006-6102 iDefense X.org ProcDbeGetVisualInfo (Bug #225974) * CVE-2006-6103 iDefense X.org ProcDbeSwapBuffers (Bug #225975) -* Tue Dec 19 2006 - sndirsch@suse.de +* Tue Dec 19 2006 sndirsch@suse.de - int10-fix.diff * Set Int10Current->Tag for the linux native int10 module (X.Org Bug #9296) * obsoletes p_initialize-pci-tag.diff -* Tue Dec 19 2006 - sndirsch@suse.de +* Tue Dec 19 2006 sndirsch@suse.de - reverted latest change by schwab (Bug #197190, comment #67) -* Mon Dec 18 2006 - schwab@suse.de +* Mon Dec 18 2006 schwab@suse.de - Fix off-by-one in pci multi-domain support [#229278]. 
-* Wed Dec 13 2006 - sndirsch@suse.de +* Wed Dec 13 2006 sndirsch@suse.de - libdrm.diff: * no longer fail when some driver tries to load "drm" module -* Tue Dec 12 2006 - sndirsch@suse.de +* Tue Dec 12 2006 sndirsch@suse.de - xorg-server-1.1.99.901-GetDrawableAttributes.patch: * hopefully fixes AIGLX issues (X.Org Bug #8991) -* Fri Dec 08 2006 - sndirsch@suse.de +* Fri Dec 08 2006 sndirsch@suse.de - another 64bit warning fix -* Sat Dec 02 2006 - sndirsch@suse.de +* Sat Dec 02 2006 sndirsch@suse.de - X.Org 7.2RC3 release * Add a -showDefaultModulePath option. * Add a -showDefaultLibPath option. @@ -1062,25 +1111,25 @@ exit 0 * Bug #9023: Only check mice for "mouse" or "void" if identifier is != NULL. Fix potential NULL pointer access in timer code. - updated Mesa sources to 6.5.2 -* Tue Nov 28 2006 - sndirsch@suse.de +* Tue Nov 28 2006 sndirsch@suse.de - xserver-timers.diff: * fix null pointer reference in timer code (Bug #223718) -* Mon Nov 20 2006 - sndirsch@suse.de +* Mon Nov 20 2006 sndirsch@suse.de - p_pci-off-by-one.diff: * readded off by one fix, which has been dropped by accident (Bug #197190) -* Mon Nov 20 2006 - sndirsch@suse.de +* Mon Nov 20 2006 sndirsch@suse.de - acpi_events.diff: * distinguish between general and input devices also for APM (Bug #197858) -* Tue Nov 14 2006 - sndirsch@suse.de +* Tue Nov 14 2006 sndirsch@suse.de - removed /etc/X11/Xsession.d/92xprint-xpserverlist (Bug #220733) -* Tue Nov 14 2006 - sndirsch@suse.de +* Tue Nov 14 2006 sndirsch@suse.de - mouse-fix.diff: * prevent driver from crashing when something different than "mouse" or "void" is specified; only check mice for "mouse" or "void" if identifier is != NULL. (X.Org Bug #9023) -* Tue Nov 14 2006 - sndirsch@suse.de +* Tue Nov 14 2006 sndirsch@suse.de - X.Org 7.2RC2 release - adjusted p_enable-altrix.diff, p_pci-domain.diff - obsoletes p_pci-ia64.diff, xorg-xserver-ia64-int10.diff 
@@ -1156,11 +1205,11 @@ exit 0 xfree86: re-enable chipset-specific drivers for Linux/ia64 Rich Coe: CheckConnections: don't close down the server client (bug #7876) -* Thu Nov 09 2006 - sndirsch@suse.de +* Thu Nov 09 2006 sndirsch@suse.de - p_ppc_domain_workaround.diff: * ugly workaround for still missing domain support on ppc (Bug #202133) -* Sat Nov 04 2006 - sndirsch@suse.de +* Sat Nov 04 2006 sndirsch@suse.de - updated to snapshot of xserver-1.2-branch (soon to be released as X.Org 7.2RC2) * Make sure xorgcfg files are included even when dist made with 
@@ -1180,26 +1229,26 @@ exit 0 * Fix automake error: BUILT_SOURCES was defined multiple times on Solaris * Bug #1997: AUDIT messages should contain uid for local accesses * If getpeerucred() is available, include pid & zoneid in audit messages too -* Wed Nov 01 2006 - sndirsch@suse.de +* Wed Nov 01 2006 sndirsch@suse.de - added /etc/modprobe.d/nvidia -* Wed Oct 25 2006 - sndirsch@suse.de +* Wed Oct 25 2006 sndirsch@suse.de - xorg-xserver-ia64-int10.diff: * build int10 module with _PC only on %%ix86 (Bug #197190) -* Mon Oct 23 2006 - sndirsch@suse.de +* Mon Oct 23 2006 sndirsch@suse.de - added build of Xephyr; useful for debugging KDE apps (coolo) -* Tue Oct 17 2006 - sndirsch@suse.de +* Tue Oct 17 2006 sndirsch@suse.de - cfb8-undefined.diff: * fixes warning for undefined behaviour -* Tue Oct 17 2006 - aj@suse.de +* Tue Oct 17 2006 aj@suse.de - Own /etc/X11/Xsession.d directory. -* Mon Oct 16 2006 - aj@suse.de +* Mon Oct 16 2006 aj@suse.de - Use /etc/X11/Xsession.d. -* Sat Oct 14 2006 - sndirsch@suse.de +* Sat Oct 14 2006 sndirsch@suse.de - updated to X.Org 7.2RC1 -* Fri Oct 13 2006 - sndirsch@suse.de +* Fri Oct 13 2006 sndirsch@suse.de - only disable AIGLX by default on SUSE <= 10.1 (Bug #197093) - no longer fake release version for fglrx driver (Bug #198125) -* Mon Oct 09 2006 - sndirsch@suse.de +* Mon Oct 09 2006 sndirsch@suse.de - glx-align.patch: * reenabled -D__GLX_ALIGN64 on affected plaforms (X.Org Bug #8392) - Fixes to p_pci-domain.diff (Bug #197572) 
@@ -1210,43 +1259,43 @@ exit 0 * This additional patch enables the build of the altrix detection routines, which have apparently not been included in Xorg 7.1 yet. This patch needs a autoreconf -fi after application. -* Mon Sep 18 2006 - sndirsch@suse.de +* Mon Sep 18 2006 sndirsch@suse.de - updated to Mesa 6.5.1 -* Wed Sep 13 2006 - sndirsch@suse.de +* Wed Sep 13 2006 sndirsch@suse.de - disable-fbblt-opt.diff: * Disable optimization (introduced by ajax) due to a general vesa driver crash later in memcpy (Bug #204324) -* Sat Sep 09 2006 - sndirsch@suse.de +* Sat Sep 09 2006 sndirsch@suse.de - removed two source files with imcompatible license from Mesa tarball (Bug #204110) - added a check to specfile to make sure that these will not be reintroduced with the next Mesa update again (Bug #204110) -* Fri Sep 01 2006 - sndirsch@suse.de +* Fri Sep 01 2006 sndirsch@suse.de - moved xf86Parser.h,xf86Optrec.h back to /usr/include/xorg, since SaX2 build issues have finally been resolved by making use of "-iquote /usr/include/xorg -I." -* Thu Aug 31 2006 - sndirsch@suse.de +* Thu Aug 31 2006 sndirsch@suse.de - disable-root-xorg_conf.diff: * no longer consider to read /root/xorg.conf -* Tue Aug 29 2006 - sndirsch@suse.de +* Tue Aug 29 2006 sndirsch@suse.de - only require xorg-x11-fonts-core ('fixed' + 'cursor' fonts) -* Mon Aug 28 2006 - sndirsch@suse.de +* Mon Aug 28 2006 sndirsch@suse.de - fake release version for fglrx driver again, since using IgnoreABI does not help (the check for the ABI version is in the binary-only fglrx driver) -* Sun Aug 27 2006 - sndirsch@suse.de +* Sun Aug 27 2006 sndirsch@suse.de - added Requires: xorg-x11-driver-{input,video} (Bug #202080) -* Fri Aug 25 2006 - sndirsch@suse.de +* Fri Aug 25 2006 sndirsch@suse.de - ignore-abi.diff: * adds IgnoreABI option for xorg.conf (same as -ignoreABI) - remove .la files - no longer fake release version for fglrx driver; use the new IgnoreABI option instead! 
-* Fri Aug 25 2006 - sndirsch@suse.de +* Fri Aug 25 2006 sndirsch@suse.de - PCI/IA64 Patches (Bug #197572): * apply new p_pci-domain.diff (mhopf) * apply new p_pci-ce-x.diff (mhopf) -* Thu Aug 24 2006 - sndirsch@suse.de +* Thu Aug 24 2006 sndirsch@suse.de - PCI/IA64 Patches (Bug #197572): * removed p_mappciBIOS_complete.diff (already applied upstream) * apply p_pci-ia64.diff @@ -1254,10 +1303,10 @@ exit 0 * disabled for now: - p_pci-domain.diff: still issues with it - p_pci-ce-x.diff: sits on top of p_pci-domain.diff -* Sun Aug 20 2006 - sndirsch@suse.de +* Sun Aug 20 2006 sndirsch@suse.de - added PCI/IA64 patches, but disabled them for now (Bug #197572) - remove comp. symlinks in /usr/X11R6/bin for openSUSE >= 10.2 -* Fri Aug 18 2006 - sndirsch@suse.de +* Fri Aug 18 2006 sndirsch@suse.de - fixed build for s390/s390x, e.g. use configure options --disable-install-libxf86config --disable-aiglx 
@@ -1265,35 +1314,35 @@ exit 0 --disable-xorg - changed os-name to "openSUSE" instead of "Linux" before - fake release version for fglrx driver :-( -* Thu Aug 17 2006 - sndirsch@suse.de +* Thu Aug 17 2006 sndirsch@suse.de - xinerama-sig11.diff: * prevents Xserver Sig11 with broken Xinerama config (Bug #135002) -* Tue Aug 15 2006 - sndirsch@suse.de +* Tue Aug 15 2006 sndirsch@suse.de - moved /usr/%%_lib/pkgconfig/xorg-server.pc to xorg-x11-server - added pkgconfig to Requires of xorg-x11-server -* Sat Aug 12 2006 - sndirsch@suse.de +* Sat Aug 12 2006 sndirsch@suse.de - disable-aiglx.diff: * disabled AIGLX by default (related to Bug #197093); enable it with 'Option "AIGLX" "true"' in ServerFlags section of xorg.conf -* Wed Aug 09 2006 - sndirsch@suse.de +* Wed Aug 09 2006 sndirsch@suse.de - enabled build of aiglx -* Wed Aug 09 2006 - sndirsch@suse.de +* Wed Aug 09 2006 sndirsch@suse.de - patch font path also in xorg.conf when set to /usr/lib/X11/fonts/ or /usr/X11/lib/X11/fonts -* Tue Aug 08 2006 - sndirsch@suse.de +* Tue Aug 08 2006 sndirsch@suse.de - patch xorg.conf in %%post: * radeonold/radeon10b driver --> radeon driver -* Mon Aug 07 2006 - sndirsch@suse.de +* Mon Aug 07 2006 sndirsch@suse.de - added "Requires: xorg-x11-fonts" to prevent issues like "could not open default font 'fixed'" for any Xserver -* Mon Aug 07 2006 - sndirsch@suse.de +* Mon Aug 07 2006 sndirsch@suse.de - make sure that symlinks /usr/bin/X --> /var/X11R6/bin/X /var/X11R6/bin/X --> /usr/bin/Xorg are packaged. - p_xorg_acpi.diff: * fixed for archs which don't have HAVE_ACPI defined, e.g. ppc -* Mon Aug 07 2006 - sndirsch@suse.de +* Mon Aug 07 2006 sndirsch@suse.de - p_xf86Mode.diff: * removes wrong warning (Bug #139510) - p_xorg_acpi.diff: 
@@ -1319,7 +1368,7 @@ exit 0 (SLED10 Blocker Bugs #180535, #170991, #158806) - p_ia64-console.diff: * fixes MCA after start of second Xserver (Bug #177011) -* Sat Aug 05 2006 - sndirsch@suse.de +* Sat Aug 05 2006 sndirsch@suse.de - p_mouse_misc.diff: * fix X server crashes with synaptics driver (Bug #61702) - pu_fixes.diff 
@@ -1333,35 +1382,35 @@ exit 0 - ps_showopts.diff * Xserver "-showopts" option to print available driver options (Bug #137374) -* Sat Aug 05 2006 - sndirsch@suse.de +* Sat Aug 05 2006 sndirsch@suse.de - add /var/X11R6/bin directory for now (Bug #197188) -* Wed Aug 02 2006 - sndirsch@suse.de +* Wed Aug 02 2006 sndirsch@suse.de - fix setup line -* Mon Jul 31 2006 - sndirsch@suse.de +* Mon Jul 31 2006 sndirsch@suse.de - fixed fatal compiler warnings -* Mon Jul 31 2006 - sndirsch@suse.de +* Mon Jul 31 2006 sndirsch@suse.de - always (and only) patch xorg.conf if necessary -* Mon Jul 31 2006 - sndirsch@suse.de +* Mon Jul 31 2006 sndirsch@suse.de - update to xorg-server release 1.1.99.3 -* Fri Jul 28 2006 - sndirsch@suse.de +* Fri Jul 28 2006 sndirsch@suse.de - use "-fno-strict-aliasing" -* Thu Jul 27 2006 - sndirsch@suse.de +* Thu Jul 27 2006 sndirsch@suse.de - use $RPM_OPT_FLAGS - remove existing /usr/include/X11 symlink in %%pre -* Wed Jul 26 2006 - sndirsch@suse.de +* Wed Jul 26 2006 sndirsch@suse.de - install xf86Parser.h,xf86Optrec.h to /usr/include instead of /usr/include/xorg, so it is no longer necessary to specify "-I/usr/include/xorg" which resulted in including a wrong "shadow.h" (by X.Org) when building SaX2 (strange build error) -* Tue Jul 25 2006 - sndirsch@suse.de +* Tue Jul 25 2006 sndirsch@suse.de - added permissions files -* Tue Jul 25 2006 - sndirsch@suse.de +* Tue Jul 25 2006 sndirsch@suse.de - add compatibility symlink /usr/X11R6/bin/Xorg -* Fri Jul 21 2006 - sndirsch@suse.de +* Fri Jul 21 2006 sndirsch@suse.de - p_ValidatePci.diff: * no longer call ValidatePci() to fix i810 driver issues (Bug #191987) -* Fri Jul 21 2006 - sndirsch@suse.de +* Fri Jul 21 2006 sndirsch@suse.de - fixed build -* Tue Jun 27 2006 - sndirsch@suse.de +* Tue Jun 27 2006 sndirsch@suse.de - created package